GDPR Compliance

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy that applies to all individuals within the European Union and the European Economic Area. It also addresses the transfer of personal data outside these areas. The GDPR aims to give individuals control over their personal data and to simplify the regulatory environment for international business.

At LinkBurrow, we are committed to ensuring that all personal data processing activities comply with the GDPR and the UK Data Protection Act 2018. This GDPR Compliance statement explains how we collect, use, and protect your personal data in accordance with these regulations.

This GDPR Compliance statement should be read alongside our Privacy Policy, which provides more detailed information about our data processing activities.

2. Data Controller Information

LinkBurrow is the data controller responsible for your personal data. Our contact details are:

LinkBurrow
[Your Company Address]
Email: privacy@linkburrow.com

Data Protection Officer (DPO): We have appointed a Data Protection Officer who is responsible for overseeing questions in relation to this GDPR Compliance statement. If you have any questions about this statement, including any requests to exercise your legal rights, please contact the DPO using the details set out above.

3. Your Rights Under GDPR

Under the GDPR, you have the following rights in relation to your personal data:

Right to be informed - You have the right to be informed about the collection and use of your personal data.
Right of access - You have the right to request copies of your personal data.
Right to rectification - You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to erasure - You have the right to request that we erase your personal data, under certain conditions.
Right to restrict processing - You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to data portability - You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Right to object - You have the right to object to our processing of your personal data, under certain conditions.
Rights related to automated decision making and profiling - You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Important: Please note that while we will make every effort to comply with your rights requests, there may be instances where we are legally permitted to retain certain information. For example:

Information that is publicly available on your LinkBurrow page may have been indexed by search engines or saved by third parties
We may need to retain certain information to comply with legal obligations
We may need to retain information for the establishment, exercise, or defense of legal claims

4. Legal Basis for Processing

Under the GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases for processing your personal data:

Consent - Where you have given clear consent for us to process your personal data for a specific purpose.
Contract - Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Legal obligation - Where processing is necessary for compliance with a legal obligation that we are subject to.
Legitimate interests - Where processing is necessary for the purposes of legitimate interests pursued by us or a third party, except where such interests are overridden by your interests, rights, or freedoms.

The specific legal basis for processing your personal data will depend on the purpose for which we are processing it. For more information about the specific legal basis we rely on for each type of processing, please refer to our Privacy Policy.

5. Data Processing Activities

We process personal data for the following purposes:

Account creation and management - To create and manage your LinkBurrow account.
Service provision - To provide our services to you, including hosting your LinkBurrow page.
Communication - To communicate with you about your account, our services, and updates.
Improvement of services - To analyze usage patterns and improve our services.
Security - To detect and prevent fraud, abuse, and security incidents.
Legal compliance - To comply with legal obligations.

For each of these processing activities, we collect only the personal data that is necessary for the specified purpose. We do not process personal data in a way that is incompatible with the purposes for which it was collected.

We retain personal data only for as long as is necessary for the purposes for which it was collected, or for legal or regulatory reasons. For more information about our data retention practices, please refer to our Privacy Policy.

6. International Data Transfers

We may transfer your personal data to countries outside the UK and European Economic Area (EEA). Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission or UK authorities.
Where we use certain service providers, we may use specific contracts approved by the European Commission or UK authorities which give personal data the same protection it has in Europe and the UK.
Where we use providers based in the US, we may transfer data to them if they are part of a framework that ensures they provide similar protection to personal data shared between Europe, the UK and the US.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or EEA.

7. Data Security Measures

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

Our security measures include:

Encryption of personal data where appropriate
Regular security assessments of our systems
Staff training on data protection and security
Access controls and authentication procedures
Regular backups to prevent data loss
Physical security measures for our premises and servers

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. Data Breach Procedures

In the event of a personal data breach, we will:

Assess the risk to individuals' rights and freedoms
Notify the relevant supervisory authority (such as the Information Commissioner's Office in the UK) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, if the breach is likely to result in a risk to individuals' rights and freedoms
Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
Document all breaches, including the facts relating to the breach, its effects, and the remedial action taken

We maintain internal breach reporting procedures to ensure that all staff know how to identify and report a breach.

9. How to Exercise Your Rights

If you wish to exercise any of your rights under the GDPR, please contact us using the contact information provided at the end of this document. To help us respond to your request efficiently, please:

Provide sufficient information to identify yourself (e.g., your full name, email address, and username)
Specify which right(s) you wish to exercise
Provide any additional information that may help us respond to your request

We will respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Verification: For security reasons, we may need to verify your identity before processing your request. We may ask you to provide additional information to confirm your identity.

If you are not satisfied with our response to your request, you have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO), which can be contacted at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
Website: https://ico.org.uk

10. Contact Information

If you have any questions about this GDPR Compliance statement or our data protection practices, please contact us: